[145479] in cryptography@c2.net mail archive
Re: A mighty fortress is our PKI, Part II
daemon@ATHENA.MIT.EDU (Alexandre Dulaunoy)
Wed Jul 28 18:47:40 2010
In-Reply-To: <E1Oe8ur-0008Vz-Pk@wintermute02.cs.auckland.ac.nz>
Date: Wed, 28 Jul 2010 22:03:08 +0200
From: Alexandre Dulaunoy <a@foo.be>
To: cryptography@metzdowd.com
On Wed, Jul 28, 2010 at 5:51 PM, Peter Gutmann
<pgut001@cs.auckland.ac.nz> wrote:
> Nicolas Williams <Nicolas.Williams@oracle.com> writes:
>
>>Exactly. =A0OCSP can work in that manner. =A0CRLs cannot.
>
> OCSP only appears to work in that manner. =A0Since OCSP was designed to b=
e 100%
> bug-compatible with CRLs, it's really an OCQP (online CRL query protocol)=
and
> not an OCSP. =A0Specifically, if I submit a freshly-issued, valid certifi=
cate to
> an OCSP responder and ask "is this a valid certificate" then it can't say=
yes,
> and if I submit an Excel spreadsheet to an OCSP responder and ask "is thi=
s a
> valid certificate" then it can't say no. =A0It takes quite some effort to=
design
> an online certificate status protocol that's that broken.
OCSP is even better for an attacker. As the OCSP responses are
unauthenticated[1], you can be easily fake the response with
what ever the attacker likes.
http://www.thoughtcrime.org/papers/ocsp-attack.pdf
[1] Would be silly to run OCSP over SSL ;-)
--=20
--=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0=A0 Alexandre Dulaunoy (adulau) -- htt=
p://www.foo.be/
--=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0=A0 http://www.foo=
.be/cgi-bin/wiki.pl/Diary
--=A0 =A0 =A0 =A0=A0 "Knowledge can create problems, it is not through igno=
rance
--=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 that we c=
an solve them" Isaac Asimov
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
